The BW mobile app privacy research co-authors, are, left to right, BW senior Dan Jesenseky, Dr. Brian Krupp, BW assistant professor of computer science, and senior Amanda Szamplas.

BW researchers have developed a novel solution to warn smartphone users about the covert misuse of their data. 

Student, faculty researchers expose secret misuse of personal data by mobile apps

September 21, 2017

The BW mobile app privacy research co-authors, are, left to right, BW senior Dan Jesenseky, Dr. Brian Krupp, BW assistant professor of computer science, and senior Amanda Szamplas.

As mobile applications have grown from collecting basic personal information to knowing intimate details of consumer's lives, computer science researchers at Baldwin Wallace University have developed a novel solution to inform mobile device users about the hidden misuse of their personal data. 

IEEE logoThe research, which was accepted for presentation by the IEEE Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON) at Columbia University October 19-21, identifies a way to expose the unauthorized use of personal data and boost the ability of consumers to shield their privacy.

Constant risk of misuse

The research co-authors, Dr. Brian Krupp, BW assistant professor of computer science, and students Dan Jesensky '18 and Amanda Szampias '18, tested their solution on more than 800 popular smartphone apps, ferreting out more than 40 that exploited personal information without the knowledge or permission of users.

Woman holds mobile phone with privacy risk"A smartphone user's personal data is at constant risk of being misused," said Krupp. "While mobile operating systems provide basic security and privacy controls, they are insufficient, leaving consumers unaware of how applications use the permissions they originally granted."

"As an example," Krupp explained, "A weather application requests access to your location to give you a forecast, which is a legitimate use. However, behind the scenes and unknown to the user, it will also send that location information to advertiser servers."

Easy, adaptable solution

The solution the BW researchers developed, SPEProxy, notifies consumers of misuse without requiring a modification to their phone.

"Our approach allows consumers to utilize the solution without requiring a high degree of technical expertise," said Jesensky, a triple major in software engineering, computer information systems and network security who hails from North Royalton, Ohio. "SPEProxy can be adapted to different devices and operating systems—both iOS and Android—with a simple network configuration setting."

"SPEProxy gives mobile phone users the ability to understand how applications are using permissions beyond their stated intent and identifies fine-grained policies that can empower the user to protect their data," adds Szampias, a software engineering major from Brunswick, Ohio.

"Allowing access to your location is an example of coarse-grained policy," Krupp explains. "A fine-grained policy might only allow app access to an anonymous version of your location, or your location data to be sent only to certain servers, or to limit access to your location during certain times of the day or from certain locations."

Evaluating and sharing the approach

Graphic showing test results on mobile privacy approach speproxyThe BW research team tested the approach on 817 of the top-ranked applications on Google Play and in the iOS App Store. Their evaluation found SPEProxy to be highly effective across 86.55% of the apps and confirmed 43 cases of misuse including The Weather Channel, LinkedIn and more. 

Following their detailed conference presentation, which is titled "SPEProxy: Enforcing Fine Grained Security and Privacy Controls on Unmodified Mobile Devices," the researchers will get to work on developing a publicly available version of SPEProxy, which currently lives on a BW server.

The undergraduate student co-authors of SPEProxy are both BW seniors set to graduate in May 2018 with an impressive research feather in their caps.